Chromium Code Reviews

Issue 419653003: Roll BoringSSL to pull in the following changes. (Closed)

Created: 6 years, 5 months ago by agl
Modified: 6 years, 5 months ago
Reviewers:
CC: chromium-reviews
Project: chromium
Visibility: Public.

Description

Roll BoringSSL to pull in the following changes.

BUG=397333

commit 794bf6e0cea9eca3406a821330be5dde0d014c47
Author: Adam Langley <agl@chromium.org>
Date: Thu Jul 24 17:16:16 2014 -0700

Fix OAEP with non-SHA hash functions.

Due to merging our patched 1.0.1 code with the 1.0.2 code, some parts of upstream's 25f93585a70fb05bb9f911884ab95e560f662a5d didn't make it into the code.

https://code.google.com/p/chromium/issues/detail?id=397333

commit 77a942b7fedb58ae1afee042255b4b9267abebca
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 15 01:22:50 2014 -0400

Don't use the RSA key exchange with a signing-only key.

This removes the last case where the server generates an RSA key for the ServerKeyExchange. Remove the code for this. Client support to accept them still remains. Leave the APIs for now, but they don't do anything anymore.

commit cd9969434c2b2c347f1fb12623ee240ae01ac942
Author: David Benjamin <davidben@chromium.org>
Date: Sun Jul 20 16:23:51 2014 -0400

Pass parameters to tls1_process_sigalgs as a CBS.

Slightly cleaner; it means we can use CBS_stow.

commit 060d9d2c563b3fbe00eff93e5033591504516e6c
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 15 00:54:26 2014 -0400

Remove support code for export cipher suites.

Now the only case where temporary RSA keys are used on the server end is non-signing keys.

commit 5ffeb7c22f367ba0094c3ef886ff6ec13ed63ded
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 15 00:34:01 2014 -0400

Remove two more quirks.

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Neither of them have code that's even enabled.

commit b9cc33a4d6d935f71c3e70af9718e716b00712e8
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 15 00:09:48 2014 -0400

Remove SSL_OP_EPHEMERAL_RSA quirk.

Also fix a place where fixes for the condition for sending ServerKeyExchange in s3_srvr.c were never propagated to d1_srvr.c. Tidy up that logic to use ssl_cipher_requires_server_key_exchange and simplify the PSK check.

commit ff175b4a46c86cf4fba6200abfe799a778786ada
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 14 23:43:37 2014 -0400

unifdef OPENSSL_NO_PSK.

Get those out of the way.

commit 019c3cc64a6f8d76dcee044c6d0d9133424ac1cd
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 14 23:13:22 2014 -0400

Remove last remnants of GOST support.

This removes support code for a "stream_mac" mode only used by GOST. Also get rid of this /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ comment next to it. It's not actually related to GOST (dates to OpenSSL initial commit), but isn't especially helpful at this point.

commit 0e498f14d21b679d3d9b03eaa5551faecdb4bc18
Author: David Benjamin <davidben@chromium.org>
Date: Sun Jul 20 13:36:15 2014 -0400

Remove some remnants of SSLv2 support.

Some ssl23 functions that can be folded into ssl3, declarations and macros that don't exist anymore.

commit 39482a13aca033b72118807fadd152207e0fad8a
Author: David Benjamin <davidben@chromium.org>
Date: Sun Jul 20 13:30:15 2014 -0400

Remove get_cipher_by_char and put_cipher_by_char.

Without SSLv2, all cipher suite values are 2 bytes. Represent them as a uint16_t and make all functions pass those around rather than pointers. This removes SSL_CIPHER_find as it's unused.

commit 0eb17906ab03bd3f8d2e83bc08abf94caf0ff489
Author: David Benjamin <davidben@chromium.org>
Date: Sun Jul 20 12:01:32 2014 -0400

Remove support for sending V2ClientHello.

Accepting them as a server is still necessary, but this code is unreachable. Without SSLv2 support, none of the cipher suites are SSLv2, so ssl23_no_ssl2_ciphers always returns true and we send a V3ClientHello.

commit d23f412a8afd20e1d5e3459d775d4eab0e3158c8
Author: David Benjamin <davidben@chromium.org>
Date: Wed Jul 23 15:09:48 2014 -0400

Improve test coverage around NewSessionTicket message.

Test both when the peer doesn't support session tickets and when the server promises a NewSessionTicket message but doesn't deliver.

commit 072334d943ef81d45f75d97cd722b46f1293f773
Author: David Benjamin <davidben@chromium.org>
Date: Sun Jul 13 16:24:27 2014 -0400

Consistently use uint16_t for curve IDs.

Don't retain curve IDs in serialized form; serialization only happens when writing and reading from the wire. The internal representation is a uint16_t which matches the range of the value and avoids all the checks for the first byte being 0. This also fixes a bug in tls1_check_ec_tmp_key's suite B logic; the || should have been &&, though now it's gone. This doesn't relieve some of the other assumptions about curve IDs: tls1_set_curves still assumes that all curve IDs are under 32, and tls1_ec_curve_id2nid still assumes 0 is not a valid curve ID. Add a compile-time assert and a comment to document this. We're up to 28 now, so this may well need to be revised sooner or later. Remove SSL_get_shared_curve as it's new and unused API, using it in a loop is O(N^3), and lets us simplify a function.

commit f3ec83dee05cfadf540dd66f44b4b99ae4f19b93
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 21 22:42:34 2014 -0400

Add EarlyChangeCipherSpec tests.

Adapted from patch in https://www.imperialviolet.org/2014/06/05/earlyccs.html.

commit 1d5c83e063b4a432a6a14ea15a1a1484c8280006
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 22 19:20:02 2014 -0400

Add test coverage for session resumption with tickets.

The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first.

commit 6444287806d801b9a45baf1f6f02a0e3a16e144c
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 21 17:43:45 2014 -0400

Do not allow a Finished message when NewSessionTicket is expected.

Per spec, the server sends it iff it sends the extension in ServerHello. There is no need to probe for whether Finished is or isn't sent. NSS is strict about this (wait_new_session_ticket never transitions to wait_change_cipher without a NewSessionTicket message), so this is safe. Reset tlsext_ticket_expected in ssl_scan_serverhello_tlsext to ensure state from the initial handshake doesn't confuse renegotiation. This is another one of those per-handshake states that should be systematically reset on each handshake. For now, reset it properly at least.

commit 407886f589cf2dbaed82db0a44173036c3bc3317
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 21 22:23:50 2014 -0400

Remove ssl3_check_finished.

ssl3_get_new_session_ticket is sensible and fills in a session_id for stateless sessions, so the resumption will already be detected at this point. Remove the codepath in ssl3_client_hello which allows for resuming sessions with empty session_ids. The rest of the code doesn't allow it either. This removes another codepath where we potentially probe a Finished message early.

commit 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 21 22:22:02 2014 -0400

Set s->hit when using tls_session_secret_cb.

tls_session_secret_cb is used for EAP-FAST which computes the master secret externally and enters the abbreviated handshake. It appears to only have been working because ssl3_check_finished would drive it into the appropriate state afterwards. That, in turn, only has been working because EAP-FAST misuses the session ticket extension for some other field, so ssl3_check_finished isn't a no-op. Instead, set s->hit so it follows the abbreviated state machine directly. If we ever build wpa_supplicant with BoringSSL, this will require some testing. (And, if not, this API should be removed.)

commit 6553b379e2dbda9d03f6892f45fa97e4d8a37f04
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 22 14:11:30 2014 -0400

Don't accidentally read Finished in ssl3_get_cert_verify.

This removes one place where we set CCS_OK. ssl3_get_cert_verify already knows whether or not to expect a CertificateVerify message, so there is no need to look ahead and potentially read ChangeCipherSpec early.

commit b61b4de6dfd52cc4d0c90d32696ea37a769f3ba6
Author: David Benjamin <davidben@chromium.org>
Date: Tue Jul 22 19:05:46 2014 -0400

Fix runner.go session ticket support.

Some test code to insert a bogus session ticket was retained. Also, decryptTicket mutated its input, in turn, mutating the ClientHello, breaking the Finished hash. The latter fix should probably be merged upstream.

commit 42be6456cac38fd7608b5f3781b7fda41569c488
Author: David Benjamin <davidben@chromium.org>
Date: Mon Jul 21 14:50:23 2014 -0400

Add SkipChangeCipherSpec-Server-NPN test.

Finished isn't always the first post-CCS message.

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=285610

Patch Set 1

M DEPS: 1 chunk, +1 line, -1 line, 0 comments

Messages

Total messages: 1 (0 generated)
agl
6 years, 5 months ago (2014-07-25 17:22:26 UTC) #1
Message was sent while issue was closed.
Committed patchset #1 manually as r285610.
